|
|||||
|
|
| 面向自治域的DoS攻击流抑制模型 | |
| 引用本文: | 江先亮,金光,杨建刚,何加铭.面向自治域的DoS攻击流抑制模型[J].通信学报,2013,34(9):132-141. |
| 作者姓名: | 江先亮 金光 杨建刚 何加铭 |
| 作者单位: | 1. 浙江大学 计算机科学与技术学院,浙江 杭州310027; 浙江省移动网络应用技术重点实验室,浙江 宁波315211 2. 宁波大学 信息科学与工程学院,浙江 宁波315211; 浙江省移动网络应用技术重点实验室,浙江 宁波315211 3. 浙江大学 计算机科学与技术学院,浙江 杭州,310027 |
| 基金项目: | 国家科技重大专项基金资助项目(2011ZX03002-004-02);浙江省移动网科技创新团队基金资助项目(2010R50009);浙江省自然科学基金资助项目(LY12F02013);宁波市自然科学基金资助项目(2012A610014);宁波市移动网络应用技术创新团队基金资助项目(2011B81002) |
| 摘 要: | 针对因特网上的DoS攻击,结合下一代安全因特网架构,分析了现有权证方案在申请、授权和解授权等方面的问题。兼顾网络拥塞反馈机制,结合多级主动队列、信誉计算等思想,提出了一种面向自治域的DoS攻击流抑制模型,并进一步分析其有效性。通过在NS2上利用权威的CAIDA真实拓扑数据集,对权证授权时间和授权通信量、平均权证获取时间、不同方案的文件传输时间进行对比分析和评价,结果表明本方案能有效降低平均权证获取时间,提高文件传输效率,使权证方案更具可行性和顽健性。 |
| 关 键 词: | 网络安全 拒绝服务攻击 自治域 网络拥塞 权证 |
| 收稿时间: | 7/6/2012 12:00:00 AM |
AS-level model for restraining DoS attacks |
|
| JIANG Xian-liang , JIN Guang , YANG Jian-gang , HE Jia-ming.AS-level model for restraining DoS attacks[J].Journal on Communications,2013,34(9):132-141. | |
| Authors: | JIANG Xian-liang JIN Guang YANG Jian-gang HE Jia-ming |
| Affiliation: | 1. CollegeofComputer Science and Technology,Zhejiang University,Hangzhou310027,China;2. Collegeof Information Science and Engineering,Ningbo University,Ningbo 315211,China;3. Mobile Network Application Technology Key Laboratory of Zhejiang Province,Ningbo 315211,China |
| Abstract: | Combined with the next generation security architecture,a novel AS-level defense scheme was proposed to restrain DoS attacks in the Internet.And the deficiencies of previous capability schemes were analyzed in detail,especially on requesting/withdrawing authorization of capabilities.The scheme takes account of a congestion feedback mechanism,a combination with multi-level active queue management,and the credit computation.Then a further analysis on the scheme’s effectiveness was presented.Several experiments with NS2 and CAIDA’s topology datasets were performed to evaluate the authorizing time and traffic,the average requesting time and common file transfer time of different schemes.The results show that this scheme can effectively reduce the average requesting time of capabilities,improve common file transfer efficiency,and enhance the feasibility and robustness. |
| Keywords: | network security denial-of-service attack autonomous system network congestion capabilities |
| 本文献已被 万方数据 等数据库收录! | |
| 点击此处可从《通信学报》浏览原始摘要信息 | |
| 点击此处可从《通信学报》下载全文 | |